Skip to content

Instantly share code, notes, and snippets.

View craig-m-unsw's full-sized avatar

Craig M craig-m-unsw

17 followers · 41 following
View GitHub Profile
@vegard
vegard / kernel-dev.md
Last active October 1, 2025 06:07
Getting started with Linux kernel development

Getting started with Linux kernel development

Prerequisites

The Linux kernel is written in C, so you should have at least a basic understanding of C before diving into kernel work. You don't need expert level C knowledge, since you can always pick some things up underway, but it certainly helps to know the language and to have written some userspace C programs already.

It will also help to be a Linux user. If you have never used Linux before, it's probably a good idea to download a distro and get comfortable with it before you start doing kernel work.

Lastly, knowing git is not actually required, but can really help you (since you can dig through changelogs and search for information you'll need). At a minimum you should probably be able to clone the git repository to a local directory.

@0x646e78
0x646e78 / Vagrantfile
Created May 14, 2020 14:57
Almost Kube
Vagrant.configure("2") do |config|
config.vm.define "k8smaster" do |k8smaster|
k8smaster.vm.box = "generic/ubuntu1804"
k8smaster.vm.hostname = "k8smaster"
k8smaster.vm.network "private_network", ip: "192.168.10.2"
k8smaster.vm.provider "vmware_fusion" do |v|
v.memory = 6144
v.cpus = 3
end
end
@cellularmitosis
cellularmitosis / README.md
Last active December 15, 2025 21:02
QEMU PowerPC G4 OS X Tiger (10.4) setup

Blog 2020/5/7

<- previous | index | next ->

QEMU PowerPC G4 OS X Tiger (10.4) setup

EDIT 2024/12/1: I updated a few of these commands to work with qemu 9.x.

@ndavison
ndavison / haproxy-smuggling.md
Last active November 9, 2025 15:18
HAProxy HTTP request smuggling

The following describes a technique to achieve HTTP request smuggling against infrastructure behind a HAProxy server when using specific configuration around backend connection reuse. This was tested against HAProxy versions 1.7.9, 1.7.11, 1.8.19, 1.8.21, 1.9.10, and 2.0.5. Of all these tested versions, only 2.0.5 was not vulnerable out of the box, although it is when using the no option http-use-htx configuration, which reverts back to the legacy HTTP decoder. 2.1 removed the legacy decoder so it is not affected.

To actually exploit HTTP smuggling using the issue described in this writeup, the backend server(s) behind HAProxy would also have to be vulnerable in the sense they too would need to suffer from a bug, but one which parses and accepts a poorly formed Transfer-Encoding header (almost certainly violating RFC7230), and allows HTTP keep-alive.

The HAProxy bug - sending both Transfer-Encoding and Content-Length

This is how HAProxy handles a request when Transfer-Encoding and Content-Length is p

@apolloclark
apolloclark / devsecops_maturity_model.md
Last active October 8, 2024 01:35
DevSecOps Maturity Model

DevSecOps Maturity Model

DevSecOps has finally become popular within the wider IT industry in 2019. I started as a web developer in 2001, learned about testing automation, system deployment automation, and "infrastructure as code" in 2012, when DevOps was becoming a popular term. DevOps became common after the release of The Phoenix Project in Jan 2013. It has taken 7+ years for security to become integrated within the DevOps methodology. The following is a list of concepts I go through with project owners, project managers, operations, developers, and security teams, to help establish how mature their DevOps and security automation is, and to help them increase that maturity over time. This model is based on experience consulting with a variety of US Financial, Healthcare, and Department of Defense, organizations, and combines:

@TarlogicSecurity
TarlogicSecurity / kerberos_attacks_cheatsheet.md
Created May 14, 2019 13:33
A cheatsheet with commands that can be used to perform kerberos attacks

Kerberos cheatsheet

Bruteforcing

With kerbrute.py:

python kerbrute.py -domain <domain_name> -users <users_file> -passwords <passwords_file> -outputfile <output_file>

With Rubeus version with brute module:

@susam
susam / vectors.md
Last active December 27, 2025 05:40

Recon and Attack Vectors from My Logs

This document contains excerpts from my web server logs collected over a period of 7 years that shows various kinds of recon and attack vectors.

There were a total of 37.2 million lines of logs out of which 1.1 million unique HTTP requests (Method + URI) were found.

$ sed 's/^.* - - \[.*\] "\(.*\) HTTP\/.*" .*/\1/' access.log &gt; requests.txt
@bradtraversy
bradtraversy / docker-help.md
Last active November 23, 2025 10:14
Docker Commands, Help & Tips

Docker Commands, Help & Tips

Show commands & management commands

$ docker

Docker version info

@mutin-sa
mutin-sa / Top_Public_Time_Servers.md
Last active December 31, 2025 18:41
List of Top Public Time Servers

Google Public NTP [AS15169]:

time.google.com

time1.google.com

time2.google.com

time3.google.com

@danielepolencic
danielepolencic / README.md
Last active October 27, 2024 08:34
Create 3 nodes Kubernetes cluster locally with Vagrant

3 Virtual Machines Kubernetes cluster

Dependencies

You should install VirtualBox and Vagrant before you start.

Creating the cluster

You should create a Vagrantfile in an empty directory with the following content: